faf506ac3424a761bbf14056f885a75b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

faf506ac3424a761bbf14056f885a75b_JaffaCakes118
Size

302KB
MD5

faf506ac3424a761bbf14056f885a75b
SHA1

3be455011d061b1a7fdb1a0c1b57030311f27601
SHA256

f7dad6e1a0ebd45a4275040438ad8bedb1a3035953b35b976b6d46983b5ddae2
SHA512

db4987a4d0bae185985edaa99a83ebe95b7da35908ded82bff119acf46e293894e3b02c692dd1f9f242884cb955ae8e283e8480afe320ddfba21840639a5733f
SSDEEP

3072:bMHFZxSTPtEptNq+YZ252Yd32qlgprIhtgjT+0r7f5dn6s6QNmYAe:b4ZoPtEDVgNYVgrjS0r7xR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faf506ac3424a761bbf14056f885a75b_JaffaCakes118

Files

faf506ac3424a761bbf14056f885a75b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c4096488a194ba24615410b18c53c19d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\srcnew\plibd\Release\pllib.pdb

Imports

kernel32

GetTickCount
CloseHandle
WriteFile
CreateFileW
FreeLibrary
LoadLibraryExW
CreateThread
RaiseException
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
SetThreadLocale
GetThreadLocale
GetVersionExW
WinExec
GetWindowsDirectoryW
lstrlenA
GetProcAddress
LoadLibraryW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetLastError
GetLocaleInfoA
GetStringTypeW
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
Sleep
VirtualAlloc
VirtualFree
GetACP
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
InterlockedExchange
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
TerminateProcess

user32

CharLowerA
CharNextW
MessageBoxW
UnregisterClassA

advapi32

IsTextUnicode
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

RegisterTypeLi
SysAllocStringLen
SysFreeString
VarBstrCmp
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
VarBstrCat
VariantClear
UnRegisterTypeLi
LoadTypeLi

rpcrt4

NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

wininet

HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetSetCookieW
HttpOpenRequestW
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetGetCookieW

urlmon

CoInternetGetSession

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UnInstall

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4096488a194ba24615410b18c53c19d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

wininet

urlmon

version

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.orpc Size: 1024B - Virtual size: 576B

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 150KB - Virtual size: 149KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 103KB - Virtual size: 102KB

.orpc
Size: 1024B - Virtual size: 576B

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 10KB - Virtual size: 10KB